19 March,2022 03:39 PM IST | New Delhi | IANS
File Photo
A new report on Saturday claimed that personal files and health records of at least 2.46 lakh personnel from the Central Industrial Security Force (CISF) have allegedly been exposed online owing to a data security lapse.
A TechCrunch report cited an unnamed security researcher in India as saying that the researcher found a database packed with network logs generated by a security appliance connected to CISF's network.
"But the database was not secured with a password, allowing anyone on the internet to access the logs from their web browser," the report alleged.
The logs allegedly contained records for more than 246,000 full web addresses of PDF documents on CISF's network.
ALSO READ
Make railway station infra commuter-friendly
Delayed fliers at Delhi airport can now wait at special enclosures
SC orders Bengal to provide accomodation, security equipment for CISF at RG Kar
Kolkata doctor rape-murder: CISF deployed at RG Kar Hospital following SC order
CISF constable who 'slapped' Kangana shifted to Karnataka unit; inquiry on
Several of those logs contained personnel files, health records and personally identifiable information on CISF officers.
Some of the files are dated as recently as 2022, according to the report.
The researcher said the security appliance is built by India-based security company Haltdos.
The company, however, did not comment on the report.
IANS spoke to cyber-security researchers who said that the leaked CISF database in PDF files is likely to be related to a recent government server (that has even been indexed in Google Search) hack.
In January, reports surfaced that Covid-19 data of over 20,000 Indians, including health workers, in PDF files were available on the Raid Forums website on the Dark Web, and the hacker claims that they were directly coming from a government CDN (content delivery network) server.
The same documents were available freely on Google Search as "List of Beneficiaries Enrolled for Covid Vaccine" with keywords like RT-PCR results.
The Ministry of Health and Family Welfare later brushed off the reports, saying "no data has leaked from the Co-Win portal and the entire data of residents is safe and secure on this digital platform".
The Ministry had emphasised that the vaccination platform "collects neither the address of the person nor the RT-PCR test results for Covid-19 vaccination".
Last year, the Health Ministry and security researchers had denied the breach of Covid-19 vaccination data of 150 million Indians, after news of the hack spread online.
The data leak allegedly happened on the Co-Win portal, which is used for vaccination.
This story has been sourced from a third party syndicated feed, agencies. Mid-day accepts no responsibility or liability for its dependability, trustworthiness, reliability and data of the text. Mid-day management/mid-day.com reserves the sole right to alter, delete or remove (without notice) the content in its absolute discretion for any reason whatsoever.